The operation of Log Insight depends on certain services, ports, and external interfaces.

Log Insight uses several communication ports and protocols.

Log Insight network traffic has several sources.

Admin workstation

The machine that a system administrator uses to manage the Log Insight virtual appliance remotely.

User workstation

The machine on which a Log Insight user uses a browser to access the web interface of Log Insight.

System sending logs

The endpoint that sends logs to Log Insight for analysis and search. For example, endpoints include ESXi hosts, VMs or any system with an IP address.

Log Insight Windows Agent

The agent that resides on a Windows machine and sends Windows events and logs to Log Insight over APIs.

Log Insight appliance

Any Log Insight virtual appliance, master or worker, where the Log Insight services reside. The base operating system of the appliance is SUSE 11 SP3.

Log Insight master node

In cluster mode, Log Insight consists of multiple nodes, including one master node and several worker nodes. When you issue a query, it goes first to the master node. The master node processes the query, distributes the work to multiple worker nodes, collects and aggregates the result, and sends it back to you. You use the Log Insight master node to configure the entire system. In standalone mode, the only node is both the master node and the worker node.

| Source | Destination | Port | Protocol | Service Description |
|---|---|---|---|---|
| Admin workstation | Log Insight appliance | 22 | TCP | SSH: Secure Shell connectivity |
| User workstation | Log Insight appliance | 80 | TCP | HTTP: Web interface |
| User workstation | Log Insight appliance | 443 | TCP | HTTPS: Web interface |
| System sending logs | Log Insight appliance | 514 | TCP, UDP | Syslog data |
| System sending logs | Log Insight appliance | 1514, 6514 | TCP | Syslog data over SSL |
| Log Insight Windows Agent | Log Insight appliance | 9000 | TCP | Log Insight Ingestion API |
| Log Insight appliance | NTP server | 123 | UDP | NTPD: Provides NTP time synchronization. Note: The port is open only if you choose to use NTP time synchronization. |
| Log Insight appliance | Log Insight appliance | 59778, 16520-16580 | TCP | Log Insight services |
| Log Insight appliance | Mail Server | 465 | TCP | SMTPS: SMTP mail service over SSL |
| Log Insight appliance | Log Insight master node | 12543 | TCP | Postgres database server. Note: Port 12543 is open only on the Log Insight master node. The Postgres database server runs on the master node. |
| Log Insight master node | DNS server | 53 | TCP, UDP | DNS |
| Log Insight master node | AD server | 389 | TCP, UDP | Active Directory. Note: The port is open only if you enable Active Directory integration. |
| Log Insight master node | AD server | 636 | TCP | Active Directory over SSL. Note: The port is open only if you enable Active Directory integration. |
| Log Insight master node | AD server | 3268 | TCP | Active Directory Global Catalog. Note: The port is open only if you enable Active Directory integration. |
| Log Insight master node | AD server | 3269 | TCP | Active Directory Global Catalog SSL. Note: The port is open only if you enable Active Directory integration. |

The following ports are open but not used by Log Insight, and can be safely blocked by a firewall. They will be closed by default in a future release.

| Destination | Port | Protocol | Service Description |
|---|---|---|---|
| Log Insight appliance | 111 | TCP, UDP | RPCbind service that converts RPC program numbers into universal addresses |
| Log Insight appliance Tomcat service | 9007 | TCP | Tomcat services |
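The following added example, which is not part of the original documentation, checks an appliance's listening sockets against the two tables above and separates documented inbound ports from the unused ports that can be blocked and from anything the page does not list. It assumes the socket list is in `ss -tuln` column layout; the sample input and the names `parse_listeners` and `classify` are constructed for illustration.

```python
# Added example: compare listening sockets with the port tables on this page.
# Inbound ports the page documents for every Log Insight appliance.
DOCUMENTED = {("tcp", p) for p in (22, 80, 443, 514, 1514, 6514, 9000, 59778)}
DOCUMENTED |= {("tcp", p) for p in range(16520, 16581)}  # 16520-16580
DOCUMENTED.add(("udp", 514))
MASTER_ONLY = {("tcp", 12543)}  # Postgres, open only on the master node
UNUSED = {("tcp", 111), ("udp", 111), ("tcp", 9007)}  # open but not used

# Constructed sample in `ss -tuln` layout (not captured from a real appliance).
SAMPLE = """\
Netid State   Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN  0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN  0      128    [::]:443           [::]:*
udp   UNCONN  0      0      0.0.0.0:514        0.0.0.0:*
udp   UNCONN  0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN  0      128    0.0.0.0:9007       0.0.0.0:*
tcp   LISTEN  0      128    127.0.0.1:12543    0.0.0.0:*
tcp   LISTEN  0      128    0.0.0.0:16533      0.0.0.0:*
tcp   LISTEN  0      128    0.0.0.0:8080       0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Return the set of (protocol, port) pairs found in `ss -tuln` text."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header, blank line or another socket family
        port = fields[4].rsplit(":", 1)[-1]  # also handles [::]:443
        if port.isdigit():
            found.add((fields[0], int(port)))
    return found

def classify(listeners, is_master):
    """Sort listeners into documented, block (unused) and undocumented."""
    allowed = DOCUMENTED | (MASTER_ONLY if is_master else set())
    report = {"documented": [], "block": [], "undocumented": []}
    for item in sorted(listeners):
        if item in UNUSED:
            report["block"].append(item)
        elif item in allowed:
            report["documented"].append(item)
        else:
            report["undocumented"].append(item)  # review before allowing
    return report

if __name__ == "__main__":
    for label, items in classify(parse_listeners(SAMPLE), is_master=False).items():
        print(label, items)
```

Run with `is_master=True` on the master node so that port 12543 is treated as documented; on a worker it is reported as undocumented.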